Most small businesses don't understand mobile security threats

A recent survey of SME IT professionals found that 68% of their organizations do not have a BYOD policy in place
A recent survey of SME IT professionals found that 68% of their organizations do not have a BYOD policy in place

According to a study from Spiceworks, sponsored by Marble Security, while 89% of SME IT pros are supporting remote employees, 68% do not have a BYOD policy in place, and 74% have not yet implemented a mobile device management (MDM) solution.

When considering the laundry list of cybercrime, more than half of all SMEs typically lack specific security measures: advanced persistent threats (APTs) (68% have no protection in place); malicious and privacy-leaking apps (58% lack security); rooted or jailbroken devices (57% have no policy); DNS poisoning (57%); unpatched OS versions (56%); spear phishing (55%); compromised Wi-Fi hotspots (47%); and malware, Trojans and zero-day attacks (35%).

The fact that SMEs are poorly prepared to protect mobile devices is in part attributable to an awareness gap, the study found, with many IT pros admitting they are not even aware of these critical threats. Surprisingly, only 58% understand APTs, for instance.

Only 45% are aware of the simple yet dangerous threat of spear-phishing, which is a prime vector for infection for organizations of all sizes, even large government entities. A recent Trend Micro report found that 91% of targeted attacks involve spear-phishing emails, reinforcing the belief that spear phishing is a primary means by which APT attackers infiltrate target networks. So, defending the user against phishing attacks becomes a primary line of security defense – particularly in light of the fact that nearly 60% of employees receive phishing emails every day, according to PhishMe.

“You can’t defend against threats you don’t understand,” said Marble Security CTO and founder David Jevans, who is also chairman of the Anti-Phishing Working Group (APWG). “Hackers know mobile devices are the weak point and that is where they are attacking.”

In somewhat good news, the survey also made it clear that a third of companies want to address security gaps immediately; 33% of the organizations said they planned to implement an MDM solution in the next six months. But that may not be enough.

“The reality is that MDM alone is not a mobile security solution,” Jevans said, adding that a layered and multipronged defense is key to avoiding data loss and theft.

Mobile malware is one of the fastest-growing arenas for bad actors, snowballing as enterprise mobility becomes ubiquitous. According to the latest malware report published by NQ Mobile, mobile malware increased by 163% in 2012 – but infections rose by 200% to an estimated 32.8%.

“The security industry's 'discover-first-and-inoculate-second' strategy is no longer enough,” said Omar Khan, co-CEO at NQ Mobile. "We need smarter systems that can discover threats before they infect consumers as well as more education so consumers can better spot and avoid these new mobile scams.”

What’s Hot on Infosecurity Magazine?